nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1cbe455a5e
selinux-refpolicy/policy/modules/services/acpi.te
Russell Coker 8e633b70dd remove aliases from 20210203 
This patch against version 20220106 removes the typealias rules that were in
version 20210203.  If we include this now then the typealias rules in
question will have been there for 3 consecutive releases.  But if you think
we should wait until after the next release that's OK.

It's obvious that this patch should be included sooner or later, I think now
is a reasonable time.

Signed-off-by: Russell Coker <russell@coker.com.au>
2022-02-16 06:54:26 -05:00

236 lines
5.2 KiB
Plaintext
Raw Blame History

policy_module(acpi)
########################################
#
# Declarations
#
attribute_role acpi_roles;
roleattribute system_r acpi_roles;
type acpid_t;
type acpid_exec_t;
init_daemon_domain(acpid_t, acpid_exec_t)
type acpid_initrc_exec_t;
init_script_file(acpid_initrc_exec_t)
type acpi_t;
type acpi_exec_t;
application_domain(acpi_t, acpi_exec_t)
role acpi_roles types acpi_t;
type acpid_lock_t;
files_lock_file(acpid_lock_t)
type acpid_log_t;
logging_log_file(acpid_log_t)
type acpid_runtime_t;
files_runtime_file(acpid_runtime_t)
type acpid_tmp_t;
files_tmp_file(acpid_tmp_t)
type acpid_unit_t;
init_unit_file(acpid_unit_t)
type acpid_var_lib_t;
files_type(acpid_var_lib_t)
########################################
#
# Client local policy
#
allow acpi_t self:capability { dac_override sys_admin };
kernel_read_system_state(acpi_t)
dev_rw_acpi_bios(acpi_t)
fs_getattr_xattr_fs(acpi_t)
term_use_all_terms(acpi_t)
domain_use_interactive_fds(acpi_t)
logging_send_syslog_msg(acpi_t)
########################################
#
# Server local policy
#
allow acpid_t self:capability { kill mknod sys_admin sys_nice sys_time };
dontaudit acpid_t self:capability { dac_override dac_read_search setuid sys_ptrace sys_tty_config };
allow acpid_t self:process { signal_perms getsession };
allow acpid_t self:fifo_file rw_fifo_file_perms;
allow acpid_t self:netlink_socket create_socket_perms;
allow acpid_t self:netlink_generic_socket create_socket_perms;
allow acpid_t self:unix_stream_socket { accept listen };
allow acpid_t acpid_lock_t:file manage_file_perms;
files_lock_filetrans(acpid_t, acpid_lock_t, file)
allow acpid_t acpid_log_t:file manage_file_perms;
logging_log_filetrans(acpid_t, acpid_log_t, file)
manage_dirs_pattern(acpid_t, acpid_tmp_t, acpid_tmp_t)
manage_files_pattern(acpid_t, acpid_tmp_t, acpid_tmp_t)
files_tmp_filetrans(acpid_t, acpid_tmp_t, { file dir })
manage_dirs_pattern(acpid_t, acpid_var_lib_t, acpid_var_lib_t)
manage_files_pattern(acpid_t, acpid_var_lib_t, acpid_var_lib_t)
files_var_lib_filetrans(acpid_t, acpid_var_lib_t, dir)
manage_files_pattern(acpid_t, acpid_runtime_t, acpid_runtime_t)
manage_sock_files_pattern(acpid_t, acpid_runtime_t, acpid_runtime_t)
files_runtime_filetrans(acpid_t, acpid_runtime_t, { file sock_file })
can_exec(acpid_t, acpid_runtime_t)
kernel_read_kernel_sysctls(acpid_t)
kernel_rw_all_sysctls(acpid_t)
kernel_read_system_state(acpid_t)
kernel_write_proc_files(acpid_t)
kernel_request_load_module(acpid_t)
dev_read_input(acpid_t)
dev_read_mouse(acpid_t)
dev_read_realtime_clock(acpid_t)
dev_read_urand(acpid_t)
dev_rw_acpi_bios(acpid_t)
dev_rw_sysfs(acpid_t)
dev_watch_dev_dirs(acpid_t)
dev_dontaudit_getattr_all_chr_files(acpid_t)
dev_dontaudit_getattr_all_blk_files(acpid_t)
files_exec_etc_files(acpid_t)
files_read_etc_runtime_files(acpid_t)
files_read_usr_files(acpid_t)
files_dontaudit_getattr_all_files(acpid_t)
files_dontaudit_getattr_all_symlinks(acpid_t)
files_dontaudit_getattr_all_pipes(acpid_t)
files_dontaudit_getattr_all_sockets(acpid_t)
fs_dontaudit_list_tmpfs(acpid_t)
fs_getattr_all_fs(acpid_t)
fs_search_auto_mountpoints(acpid_t)
fs_dontaudit_getattr_all_files(acpid_t)
fs_dontaudit_getattr_all_symlinks(acpid_t)
fs_dontaudit_getattr_all_pipes(acpid_t)
fs_dontaudit_getattr_all_sockets(acpid_t)
selinux_search_fs(acpid_t)
corecmd_exec_all_executables(acpid_t)
domain_read_all_domains_state(acpid_t)
domain_dontaudit_ptrace_all_domains(acpid_t)
domain_use_interactive_fds(acpid_t)
domain_dontaudit_getattr_all_sockets(acpid_t)
domain_dontaudit_getattr_all_key_sockets(acpid_t)
domain_dontaudit_list_all_domains_state(acpid_t)
auth_use_nsswitch(acpid_t)
init_domtrans_script(acpid_t)
init_telinit(acpid_t)
libs_exec_ld_so(acpid_t)
libs_exec_lib_files(acpid_t)
logging_send_audit_msgs(acpid_t)
logging_send_syslog_msg(acpid_t)
miscfiles_read_localization(acpid_t)
miscfiles_read_hwdata(acpid_t)
modutils_domtrans(acpid_t)
modutils_read_module_config(acpid_t)
seutil_dontaudit_read_config(acpid_t)
userdom_dontaudit_use_unpriv_user_fds(acpid_t)
userdom_dontaudit_search_user_home_dirs(acpid_t)
userdom_dontaudit_search_user_home_content(acpid_t)
optional_policy(`
automount_domtrans(acpid_t)
')
optional_policy(`
clock_domtrans(acpid_t)
clock_rw_adjtime(acpid_t)
')
optional_policy(`
cron_system_entry(acpid_t, acpid_exec_t)
cron_anacron_domtrans_system_job(acpid_t)
')
optional_policy(`
devicekit_manage_runtime_files(acpid_t)
devicekit_manage_log_files(acpid_t)
devicekit_relabel_log_files(acpid_t)
')
optional_policy(`
dbus_system_bus_client(acpid_t)
optional_policy(`
networkmanager_dbus_chat(acpid_t)
')
')
optional_policy(`
fstools_domtrans(acpid_t)
')
optional_policy(`
iptables_domtrans(acpid_t)
')
optional_policy(`
logrotate_use_fds(acpid_t)
')
optional_policy(`
mta_send_mail(acpid_t)
')
optional_policy(`
netutils_domtrans(acpid_t)
')
optional_policy(`
seutil_sigchld_newrole(acpid_t)
')
optional_policy(`
shutdown_domtrans(acpid_t)
')
optional_policy(`
sysnet_domtrans_ifconfig(acpid_t)
')
optional_policy(`
init_list_unit_dirs(acpid_t)
systemd_start_power_units(acpid_t)
systemd_status_power_units(acpid_t)
')
optional_policy(`
udev_read_state(acpid_t)
')
optional_policy(`
vbetool_domtrans(acpid_t)
')
optional_policy(`
xserver_domtrans(acpid_t)
')
Reference in New Issue View Git Blame Copy Permalink